ESAPI defines security measures which protect web applications from typical attacks, such as cross site scripting and SQL injection. The documentation aims to prevent developers replicating security methods and helps them avoid mistakes.

A reference Java Edition of the OWASP ESAPI toolkit already exists, but Stock is working on a PHP version. In his blog, he reports that the essentials have passed the first set of unit tests in the exceptions class.

Van der Stock is looking for assistance from other PHP developers. His project website can be found at the OWASP wiki.